Splunk Search

Discussions

Thread Info

How to write my token for a drop-down list search on my dashboard?

Hi all, I wanted to know if someone can help me figure out how to write my token for the following drop-down list...

by Path Finder in

How to count the number of recipients getting an email from a specific domain.

I have my search currently showing a count of one email to each user when I send a test email. I want to be able to t...

by Explorer in

Lost SDEE connection to Cisco IPS after upgrading from 6.2 to 6.3.

The SDEE Troubleshooting search shows a successful connection to the IPS but errors on an unexpected keyword argument...

by Explorer in

What are OTHER and VALUE data generated by doing a geostats count by Region on Splunk maps?

I'm doing a geostats count by Region (after doing an iplocation on my customer's ip): 1) if data is put into "OTHER",...

by Path Finder in

Usinig Windows Storage Server 2012 as the Event collector and Splunk forwarder.

Hi all, Is it available using Windows Storage Server 2012 as the Event collector and Splunk forwarder which gather...

by New Member in

How do I extract these fields from Avaya CDR logs that are currently missing from search results?

Hello, We have avaya phones in our environment and logs are being populated to Splunk. We need to get some basic r...

by Engager in

How to create a search to find user ID's that are fraudulently using rewards for a retail business based on multiple uses of the same reward?

Hi Business - Retailer Requirement - I need to know how to create a search for rewards announcements in a retail b...

by New Member in

Regex help

Hello, Would anyone know the regex value for the final numeric value after the last comma in the following log en...

by Communicator in

Divide a severity count by host count in a timechart

Hi folks, I guess what I am trying to do is create a timechart based on a scan events severity rating(low, med, hi...

by Communicator in

If I have a process id that fails to log in to Splunk, how can I find out what the failure was?

I ran this search: index=_audit action=failure | stats count by _time,user,action which returned a desired res...

by Communicator in

How to define a data filter in order to apply different fields extractions for 2 different events from the same source?

Hello, I am new to Splunk Enterprise Here is my problem: I have a data source in the form of text files which ...

by New Member in

Why am I unable to extract fields from multiline events with my current props.conf configuration?

Hi All, I am trying to extract fields from multiline events which were injected from our server to Splunk. We h...

by New Member in

How to create a search based on timestamps from another search?

Hi, My issue is I have two different searches, first: index=test user=test document=* second: index=test2 user=t...

by Path Finder in

Why am I getting "Error in 'eval' command: The expression is malformed. Expected )."

Instance_ID is one extracted field in code *. If there is a value in the $ID$ field, then result should list only for...

by New Member in

Blackboard bb-access-logs not parsing correctly

Blackboard has changed the format of the bb-access-logs to include session information. With the new data the logs ar...

by Path Finder in

How to add the latest field value from two hosts?

This is probably going to be a simple answer, but I've racked my brain over it for more time than I should have. I...

by Builder in

How to count number of events in a search result?

The objective of this search is to count the number of events in a search result. This is the current search logic th...

by Builder in

How to search for users logged in to systems from 2 or more IP addresses simultaneously within a 3 second time frame?

I am attempting to identify users who are sharing access to systems from 2 or more IPs within a given amount of time ...

by Path Finder in

How to extract the same fields from multiple log formats?

Hi, I have a 3 different log files and there are 8 different formats in them. All formats have the same fields in...

by Path Finder in

After extracting a field with rex, how can I search for a specific value for this field?

Hi, I wonder whether someone may be able to help me please. I'm using the search below to extract a field call Mat...

by Motivator in

How to wrap cell data into one line in Splunk tables?

Hi, How can I wrap a cell data in a Splunk Statitics Table to one line? I have a lot of data for one field and be...

by Explorer in

Is there a way to output a CSV value from a regex match?

I've got a lookup table that consists of two columns; "Description" and "PCRE". What I'm looking to do is search my p...

by Path Finder in

Is there a unique event ID for each event in the index?

Hi My auditors are questioning and requiring that each event we log into Splunk has a unique identifier added by ...

by New Member in

Join command for big data

I am trying to perform the join on different multi search for a set of time called "Before" and set of time called "A...

by Explorer in

How can I limit the number of events returned from a search?

I'm using Splunk to build some of the basic metrics. Events which are returned run in millions. I have to look for da...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write my token for a drop-down list search on my dashboard?

How to count the number of recipients getting an email from a specific domain.

Lost SDEE connection to Cisco IPS after upgrading from 6.2 to 6.3.

What are OTHER and VALUE data generated by doing a geostats count by Region on Splunk maps?

Usinig Windows Storage Server 2012 as the Event collector and Splunk forwarder.

How do I extract these fields from Avaya CDR logs that are currently missing from search results?

How to create a search to find user ID's that are fraudulently using rewards for a retail business based on multiple uses of the same reward?

Regex help

Divide a severity count by host count in a timechart

If I have a process id that fails to log in to Splunk, how can I find out what the failure was?

How to define a data filter in order to apply different fields extractions for 2 different events from the same source?

Why am I unable to extract fields from multiline events with my current props.conf configuration?

How to create a search based on timestamps from another search?

Why am I getting "Error in 'eval' command: The expression is malformed. Expected )."

Blackboard bb-access-logs not parsing correctly

How to add the latest field value from two hosts?

How to count number of events in a search result?

How to search for users logged in to systems from 2 or more IP addresses simultaneously within a 3 second time frame?

How to extract the same fields from multiple log formats?

After extracting a field with rex, how can I search for a specific value for this field?

How to wrap cell data into one line in Splunk tables?

Is there a way to output a CSV value from a regex match?

Is there a unique event ID for each event in the index?

Join command for big data

How can I limit the number of events returned from a search?

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions